Iranian Hackers Exploit Telegram for Data Theft

The FBI has issued an alert detailing how Iranian government hackers are leveraging Telegram to steal data from dissidents, opposition groups, and journalists globally. Attackers initiate contact by impersonating known contacts or tech support, tricking targets into downloading malicious files disguised as legitimate apps. Once installed, malware connects to Telegram bots, granting hackers remote control to exfiltrate files, capture screenshots, and record video calls. This method exploits Telegram's functionality to mask malicious activity within normal network traffic, evading detection by cybersecurity defenses. The FBI attributes these operations to Iran's Ministry of Intelligence and Security (MOIS).